unl0kr: don't add extra deps to user's PATH

2024-05-26 01:17:42 +00:00 · 2024-05-26 01:17:42 +00:00 · 8cb73687ce
commit 8cb73687ce
parent 73f5c9608e
2 changed files with 17 additions and 8 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@ -807,6 +807,8 @@ in
    sequoia.sandbox.whitelistPwd = true;
    sequoia.sandbox.autodetectCliPaths = true;

+    shadow.sandbox.enable = false;  #< `login` can't be sandboxed, since it starts an interactive user session
+
    shattered-pixel-dungeon.buildCost = 1;
    shattered-pixel-dungeon.persist.byStore.plaintext = [ ".local/share/.shatteredpixel/shattered-pixel-dungeon" ];
    shattered-pixel-dungeon.sandbox.method = "bwrap";
--- a/hosts/common/programs/unl0kr/default.nix
+++ b/hosts/common/programs/unl0kr/default.nix
@ -9,13 +9,12 @@ let
  };
  launcher = pkgs.writeShellApplication {
    name = "unl0kr-login";
-    runtimeInputs = [
-      # TODO: since this invokes `login`, adding these deps to PATH is questionable
-      cfg.package
-      pkgs.shadow
-      redirect-tty
-    ];
    text = ''
+      extraPath=/run/current-system/sw/bin:/bin:${lib.makeBinPath [ cfg.package config.sane.programs.shadow.package redirect-tty ]}
+      locate() {
+        PATH=$PATH:$extraPath command -v "$1"
+      }
+
      # TODO: make this more robust to failure.
      # - if `unl0kr` fails, then the second `redirect-tty` sends a newline to `login`, causing it to exit and the service fails.
      # - if `redirect-tty` fails, then... the service is left hanging.
@ -25,8 +24,12 @@ let
      #   but modified to not leak pword to CLI
      # - implement some sort of watchdog (e.g. detect spawned children?)
      # - set a timeout at the outer scope (which gets canceled upon successful login)
-      bash -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
-      login -p ${cfg.config.user}
+      PATH=$PATH:$extraPath sh -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
+
+      # N.B.: invoke `login` by full path instead of modifying `PATH`,
+      # because we don't want the user session to inherit the PATH of this script!
+      _login="$(locate login)"
+      "$_login" -p ${cfg.config.user}
    '';
  };
 in
@ -82,6 +85,10 @@ in
      };
    };

+    suggestedPrograms = [
+      "shadow"  #< for login
+    ];
+
    fs.".profile".symlink.text = lib.mkMerge [
      (lib.mkBefore ''
        # setup primarySessionCommands here and let any other nix config populate it later